This September, tens of thousands of students will arrive at higher education institutions ready to study. Every one of these students needs access to online resources, not to mention the access required by faculty, staff, and even alumni. Every institution is faced with a number of questions: How do you set passwords for all these people? How do you manage the onslaught of inevitable “password” related requests (“I forgot my password”)? How do you ensure that those passwords are safe? And above all, how do you ensure that each of these individuals can get to exactly what they need to get to, without opening the door to resources that they should not access?

Following these tips will mean higher education institutions will avoid potential data breaches and keep end user populations happy.

It goes without saying that authenticating your identity when logging onto the University’s systems is vital for all three user populations, especially in an age where Universities are a key target for attacks. Recently, George Mason University had over 4,400 individuals personal information breached and Butler University has warned more than 160,000 students, alumni, faculty, staff, and past applicants that their personal information was exposed during a data breach in 2013. Therefore it is vital that these user populations’ unique authentication needs are addressed in a way that maximises productivity and minimizes security risks.

Current students need a simple login process to ensure they frequently use it. One easy way to think about this is to keep the login process as close to their social media experience as possible. However, if they leave the institution it needs to be possible to restrict access, in order to prevent students from accessing unapproved data or systems.

Faculty and staff have similar needs to employees in any other corporate organization. They both need and want easy access, but this must be kept specific to their role and all access should be secure and appropriate, in order to maintain security and avoid data breaches.

Alumni, whilst often overlooked, still need limited access yet it needs to be convenient, only giving them access to the appropriate materials, due to the potential for donations from this population. In addition, alumni need to be able to access the systems forever, even if they only log in once a year.

For all three of these user populations the need for passwords will not go away, because users reject anything which makes it harder for them to access the material they need. Therefore for higher educational institutions looking to achieve secure authentication, the following top tips are a good starting point.

Having a good password policy with consistent enforcement is key. Institutions should be clear on the policy and outline it to all user populations upfront. Going further, having a single sign-on is a great option for institutions as it enables greater security by avoiding users writing down numerous passwords, in order to remember them. This also means that in one go users can be stopped from accessing information they no longer need to access. Alongside this multifactor authentication is a great way to ensure security. Finally, to truly prevent breaches institutions should look at authorisation, meaning what people have access to once they have entered into the system. Institutions should strictly control what people can access and this will differ according to which population a user sits in.

This concept of role-based access control is critical. Defining access based on who a user is and what someone with that demographic should and should not be able to do will overcome the vast majority of security concerns. If at the very core user identities and accounts are aligned to granular definitions that include what is and is not allowed for that particular role, then authentication simply becomes the means of proving who the logging in entity is. – authorization is taking care of the heavy lifting of enforcing what that logon allows the user to do and access. Combined, authentication (controlled through string password policy and streamlined through single sign-on) and authorization (based on specific user roles, rights, organizational policy, and comprehensive provisioning workflows) provide access. The right access, every time, all the time.

Following these tips will mean higher education institutions will avoid potential data breaches and keep end user populations happy.